PING informal chairs' summary for 22 August 2013
Thank you to our guests from the Web Cryptography WG for joining us to discuss some of the privacy considerations associated with the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2].
Special thanks to Ryan Sleevi, Mark Watson, Virginie Galindo, and to our scribes Nick Doty and Joe Hall.
(1) Web Cryptography
There are three documents under active development (Web Cryptography API, WebCrypto Key Discovery and non-normative Web Cryptography API Use Cases [3]).
Ryan Sleevi gave a brief introduction to the Web Cryptography API and its privacy considerations. The Web Cryptography API provides basic cryptography services (encrypt/decrypt, sign, hash). The draft API uses an abstract key object (opaque key handles): an attacker may or may not be able to extract the raw key. The key material is good if it is random and not shared with anyone in the world, but it is also a very long persistent identifier with strong mathematical binding. To mitigate the privacy risk, the WG has specified that key storage is handled by existing Web storage (e.g. IndexedDB). PostMessage is used for inter-origin messaging. The draft API design leverages the privacy characteristics of those APIs. If users clear this storage, it will remove the keys (parallel to clearing “the cookie-jar”